config: Add 20 files

graylog-client/config/service.env

@@ -0,0 +1,17 @@
+# Graylog Client Configuration (Fluent Bit)
+CONTAINER_NAME=graylog-client
+
+# Server settings (REQUIRED by dropshell)
+SSH_USER="root"
+
+# REQUIRED: Graylog server connection
+GRAYLOG_HOST=
+GRAYLOG_PORT=12201
+
+# Protocol: "udp" or "tcp" (default: udp)
+GRAYLOG_PROTOCOL=udp
+
+# Optional: Set a custom hostname label (defaults to actual hostname)
+# HOSTNAME_LABEL=
+
+TEMPLATE=graylog-client

graylog-client/docker-compose.yml

@@ -0,0 +1,13 @@
+services:
+  fluent-bit:
+    image: ${IMAGE_REGISTRY}/${IMAGE_REPO}:${IMAGE_TAG}
+    container_name: ${CONTAINER_NAME}
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock:ro
+      - /var/log:/var/log:ro
+      - /var/lib/docker/containers:/var/lib/docker/containers:ro
+      - ${CONFIG_PATH}/fluent-bit.conf:/fluent-bit/etc/fluent-bit.conf:ro
+      - ${CONFIG_PATH}/parsers.conf:/fluent-bit/etc/parsers.conf:ro
+    environment:
+      - HOSTNAME=${HOSTNAME_LABEL:-${HOSTNAME}}
+    restart: unless-stopped

graylog-client/install.sh

@@ -0,0 +1,48 @@
+#!/bin/bash
+source "${AGENT_PATH}/common.sh"
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+
+_check_required_env_vars "CONTAINER_NAME" "GRAYLOG_HOST" "GRAYLOG_PORT"
+
+# Check Docker
+_check_docker_installed || _die "Docker test failed"
+
+# Test connectivity to Graylog server
+echo "Testing connectivity to Graylog at ${GRAYLOG_HOST}:${GRAYLOG_PORT}..."
+if command -v nc >/dev/null 2>&1; then
+    nc -zv -w3 "$GRAYLOG_HOST" "$GRAYLOG_PORT" 2>/dev/null || echo "WARNING: Cannot connect to Graylog server. Will retry when container starts."
+else
+    echo "Note: 'nc' not installed, skipping connectivity test"
+fi
+
+# Stop any existing container
+bash ./stop.sh 2>/dev/null || true
+
+# Generate configuration
+echo "Generating configuration..."
+HOSTNAME=$(hostname)
+export HOSTNAME CONFIG_PATH GRAYLOG_HOST GRAYLOG_PORT GRAYLOG_PROTOCOL
+bash "$SCRIPT_DIR/scripts/generate-config.sh" || _die "Failed to generate configuration"
+
+# Start the client
+echo "Starting Graylog Client..."
+cd "$SCRIPT_DIR" || _die "Failed to change to script directory"
+docker compose up -d || _die "Failed to start"
+
+echo ""
+echo "========================================="
+echo "Graylog Client Installed!"
+echo "========================================="
+echo ""
+echo "Shipping logs to: ${GRAYLOG_HOST}:${GRAYLOG_PORT} (${GRAYLOG_PROTOCOL:-udp})"
+echo "Hostname label: $(hostname)"
+echo ""
+echo "Collecting:"
+echo "  - All Docker container logs"
+echo "  - System logs (/var/log/syslog, /var/log/messages)"
+echo "  - Auth logs (/var/log/auth.log, /var/log/secure)"
+echo ""
+echo "IMPORTANT: Create a GELF input in Graylog:"
+echo "  System -> Inputs -> Select 'GELF UDP' or 'GELF TCP'"
+echo "  Set port to ${GRAYLOG_PORT}"
+echo "========================================="

graylog-client/logs.sh

@@ -0,0 +1,5 @@
+#!/bin/bash
+source "${AGENT_PATH}/common.sh"
+_check_required_env_vars "CONTAINER_NAME"
+
+docker logs "$CONTAINER_NAME" "$@"

graylog-client/scripts/generate-config.sh

@@ -0,0 +1,90 @@
+#!/bin/bash
+# Generate Fluent Bit configuration for Graylog
+
+set -euo pipefail
+
+# Required environment variables
+: "${CONFIG_PATH:?CONFIG_PATH is required}"
+: "${GRAYLOG_HOST:?GRAYLOG_HOST is required}"
+: "${GRAYLOG_PORT:?GRAYLOG_PORT is required}"
+: "${GRAYLOG_PROTOCOL:=udp}"
+: "${HOSTNAME:=$(hostname)}"
+
+# Create parsers.conf
+cat > "${CONFIG_PATH}/parsers.conf" << 'EOF'
+[PARSER]
+    Name        docker
+    Format      json
+    Time_Key    time
+    Time_Format %Y-%m-%dT%H:%M:%S.%L
+    Time_Keep   On
+
+[PARSER]
+    Name        syslog
+    Format      regex
+    Regex       ^\<(?<pri>[0-9]+)\>(?<time>[^ ]* {1,2}[^ ]* [^ ]*) (?<host>[^ ]*) (?<ident>[a-zA-Z0-9_\/\.\-]*)(?:\[(?<pid>[0-9]+)\])?(?:[^\:]*\:)? *(?<message>.*)$
+    Time_Key    time
+    Time_Format %b %d %H:%M:%S
+EOF
+
+# Create fluent-bit.conf
+cat > "${CONFIG_PATH}/fluent-bit.conf" << EOF
+[SERVICE]
+    Flush        5
+    Daemon       Off
+    Log_Level    info
+    Parsers_File parsers.conf
+
+# Collect Docker container logs
+[INPUT]
+    Name              forward
+    Listen            0.0.0.0
+    Port              24224
+
+[INPUT]
+    Name              tail
+    Tag               docker.*
+    Path              /var/lib/docker/containers/*/*.log
+    Parser            docker
+    DB                /fluent-bit/etc/docker.db
+    Mem_Buf_Limit     50MB
+    Skip_Long_Lines   On
+    Refresh_Interval  10
+
+# Collect syslog
+[INPUT]
+    Name              tail
+    Tag               syslog
+    Path              /var/log/syslog,/var/log/messages
+    DB                /fluent-bit/etc/syslog.db
+    Mem_Buf_Limit     5MB
+    Skip_Long_Lines   On
+    Refresh_Interval  10
+
+# Collect auth logs
+[INPUT]
+    Name              tail
+    Tag               auth
+    Path              /var/log/auth.log,/var/log/secure
+    DB                /fluent-bit/etc/auth.db
+    Mem_Buf_Limit     5MB
+    Skip_Long_Lines   On
+    Refresh_Interval  10
+
+# Add hostname to all records
+[FILTER]
+    Name              record_modifier
+    Match             *
+    Record            hostname ${HOSTNAME}
+
+# Output to Graylog via GELF
+[OUTPUT]
+    Name              gelf
+    Match             *
+    Host              ${GRAYLOG_HOST}
+    Port              ${GRAYLOG_PORT}
+    Mode              ${GRAYLOG_PROTOCOL}
+    Gelf_Short_Message_Key log
+EOF
+
+echo "Configuration generated successfully"

graylog-client/start.sh

@@ -0,0 +1,10 @@
+#!/bin/bash
+source "${AGENT_PATH}/common.sh"
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+
+_check_required_env_vars "CONTAINER_NAME"
+
+cd "$SCRIPT_DIR" || _die "Failed to change to script directory"
+docker compose up -d || _die "Failed to start"
+
+echo "Graylog client started"

graylog-client/status.sh

@@ -0,0 +1,9 @@
+#!/bin/bash
+source "${AGENT_PATH}/common.sh"
+_check_required_env_vars "CONTAINER_NAME"
+
+if _is_container_running "$CONTAINER_NAME"; then
+    echo "Running"
+else
+    echo "Stopped"
+fi

graylog-client/stop.sh

@@ -0,0 +1,10 @@
+#!/bin/bash
+source "${AGENT_PATH}/common.sh"
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+
+_check_required_env_vars "CONTAINER_NAME"
+
+cd "$SCRIPT_DIR" || _die "Failed to change to script directory"
+docker compose down || true
+
+echo "Graylog client stopped"

graylog-client/template_info.env

@@ -0,0 +1,17 @@
+# DO NOT EDIT THIS FILE FOR YOUR SERVICE!
+# This file is replaced from the template whenever there is an update.
+# Edit the service.env file to make changes.
+
+# Template to use - always required!
+TEMPLATE=graylog-client
+REQUIRES_HOST_ROOT=false
+REQUIRES_DOCKER=true
+REQUIRES_DOCKER_ROOT=true
+
+# Service settings
+CONTAINER_NAME=graylog-client
+
+# Image settings
+IMAGE_REGISTRY="docker.io"
+IMAGE_REPO="fluent/fluent-bit"
+IMAGE_TAG="latest"

graylog-client/uninstall.sh

@@ -0,0 +1,15 @@
+#!/bin/bash
+source "${AGENT_PATH}/common.sh"
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+
+_check_required_env_vars "CONTAINER_NAME"
+
+cd "$SCRIPT_DIR" || _die "Failed to change to script directory"
+
+# Stop and remove containers
+docker compose down || true
+
+# Remove the container if it still exists
+_remove_container "$CONTAINER_NAME" 2>/dev/null || true
+
+echo "Graylog client uninstalled"